Vulnerability Details CVE-2017-5852
The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.3%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- http://www.openwall.com/lists/oss-security/2017/02/01/12
- http://www.openwall.com/lists/oss-security/2017/02/02/10
- http://www.securityfocus.com/bid/97032
- https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp/
- http://www.openwall.com/lists/oss-security/2017/02/01/12
- http://www.openwall.com/lists/oss-security/2017/02/02/10
- http://www.securityfocus.com/bid/97032
- https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp/
Products affected by CVE-2017-5852
-
cpe:2.3:a:podofo_project:podofo:0.9.4